Exploiting silent delivery receipts to monitor users on instant messengers
- #messaging-apps
- #privacy
- #cybersecurity
- Mobile instant messaging apps have over 3 billion users globally and are essential for personal and professional communication.
- Delivery and read receipts in messaging apps can pose significant privacy risks to users.
- Specially crafted messages can trigger silent delivery receipts, allowing attackers to monitor users without their knowledge.
- Attackers can extract private information such as online status, activity status (screen on/off), and the number of active devices.
- The technique can also be used to infer the operating system of the user's devices and to launch resource exhaustion attacks (e.g., battery or data drain).
- Popular messengers like WhatsApp and Signal are vulnerable, and any user can be targeted simply by knowing their phone number.
- The paper calls for a design change to address these privacy and security issues.
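A defensive sketch of how the pattern summarized above could be detected. It is an added example, not taken from the paper or from any messenger's code. It assumes a hypothetical log with one record per inbound message that made the device send a delivery receipt; the field layout, thresholds and phone numbers are all constructed.

```python
from collections import defaultdict, deque

# Constructed sample log (hypothetical schema), one tuple per inbound message
# that caused a delivery receipt to be sent back:
# (unix_time, sender, sender_in_contacts, showed_notification)
EVENTS = (
    # unknown sender: 20 receipt-triggering messages, none visible to the user
    [(1000 + 2 * i, "+15550100", False, False) for i in range(20)]
    # a contact: ordinary traffic with a couple of silent events
    + [(1005, "+15550111", True, True),
       (1010, "+15550111", True, False),
       (1090, "+15550111", True, False)]
    # unknown sender, but one visible message only
    + [(1020, "+15550122", False, True)]
)

WINDOW_S = 60        # sliding window length in seconds (assumed value)
LIMIT_UNKNOWN = 3    # silent triggers tolerated per window, non-contacts
LIMIT_CONTACT = 10   # silent triggers tolerated per window, contacts


def flag_silent_probers(events, window_s=WINDOW_S,
                        limit_unknown=LIMIT_UNKNOWN,
                        limit_contact=LIMIT_CONTACT):
    """Return {sender: peak_count} for senders whose silent receipt
    triggers exceeded their limit inside any window of window_s seconds."""
    recent = defaultdict(deque)   # sender -> timestamps still in the window
    peaks = {}
    for ts, sender, in_contacts, notified in sorted(events):
        if notified:
            continue  # the user saw this message, so it is not silent
        window = recent[sender]
        window.append(ts)
        # drop timestamps that have aged out of the sliding window
        while ts - window[0] >= window_s:
            window.popleft()
        limit = limit_contact if in_contacts else limit_unknown
        if len(window) > limit:
            peaks[sender] = max(peaks.get(sender, 0), len(window))
    return peaks


if __name__ == "__main__":
    for sender, peak in flag_silent_probers(EVENTS).items():
        print(f"{sender}: {peak} silent receipt triggers within {WINDOW_S}s")
```

The same counters could drive a mitigation instead of an alert, for example withholding further delivery receipts from a flagged sender; that policy is likewise an assumption, not the paper's stated proposal.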